Google Tensorflow vulnerabilities

432 known vulnerabilities affecting google/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 234, MEDIUM 178, LOW 2

Vulnerabilities

CVE-2021-37685 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-125: TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated da
nvd
CVE-2021-37668 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/k
nvd
CVE-2021-37680 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226). We have patched the iss
nvd
CVE-2021-37653 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L7
nvd
CVE-2021-37661 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-681: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boost
nvd
CVE-2021-37672 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-125: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens
nvd
CVE-2021-37645 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-681: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/te
nvd
CVE-2021-37675 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000
nvd
CVE-2021-37677 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-20: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000
nvd
CVE-2021-37636 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc
nvd
CVE-2021-37684 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/com
nvd
CVE-2021-37642 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) us
nvd
CVE-2021-37670 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-125: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflo
nvd
CVE-2021-37649 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-476: TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains
nvd
CVE-2021-37646 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-681: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensor
nvd
CVE-2021-37683 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contai
nvd
CVE-2021-37637 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-476: TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L3
nvd
CVE-2021-37686 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-835: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df
nvd
CVE-2021-37669 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-681: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow
nvd
CVE-2021-37660 | MEDIUM | CVSS 5.5 | ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | 2021-08-12
CWE-369: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/
nvd
Google Tensorflow vulnerabilities | cvebase